Menu

Manipulating cookies without server side scripting and without client-side scripting

05 July 2006

I wanted to title this article "Baking and eating cookie with no hands" but it could have been a little confusing ;-)

Sometimes there are situations where you've got a set of static pages on the web.
You don't want (or can't) use any form of server side scripting and where using javascript to do the job is out of question (because the page is hit by millions of users and you have to support people who have deactivated javascript)

I've found Apache mod_rewrite of great help for that.

Let's say that you are publishing public domain books on the web.

you've got a url like that

/book/VolumeII/PartA/Chapter4/index.html

You want to supply the user a feature that will allow them to return quickly to the last text they have visited (a bookmark, literally, that is)

So you create a url like

/book/last_position/

and you it to redirect the user to

/book/VolumeII/PartA/Chapter4/index.html

How do you do it?
below is a mod_rewrite code that you can stick in your Apache config or a .htaccess:

the "@" in both snippet of code has no special meaning, I use them as a separator. I suppose you could anything that's not a Regular Expression operator. You cannot use ";" as this is a Netscape cookie field separator.

It's also worth noting that the cookie flag is available only in versions of Apache greater than 2.0.40.

All good? The problem here is that every-time a user hits a url to read a book, a mod_rewrite code is executed and a cookie set which could be a performance drag.

it's a better to modify the current url to save the current position:

/book/VolumeII/PartA/Chapter4/save_position

Then the following mod_rewrite code (instead on the one above that set cookie every-time) will do the trick:

In all of the code above, the url is being rewritten, which mean the user doesn't see anything changed in the url. If you want the redirection being explicitly visible to the users, you can add the R flag. It becomes:

There's one thing we need to do now: deal with users who have deactivated the cookies. When they click on the saveposition link they will be brought back to the calling page whether or not they have cookie activated. The issue is the /lastposition url. If by any chance non-cookie users find that url they need to be redirected somewhere. Somewhere could be an entry point to navigate all the book like /book/. We do the same if the users accepts cookies but haven't got one yet.

A final refinement is the time of validity for the cookie. If you don't supply this parameter when setting up the cookie, the cookie lifetime won't last beyond the current browsing session. The COokie flag accept duration in minutes. So to set the lifetime of a cookie to 1 year, you do that: